{"id":37026383,"url":"https://github.com/unbroken-dome/aws-codeartifact-maven-proxy","last_synced_at":"2026-01-14T03:04:11.111Z","repository":{"id":45545300,"uuid":"381741861","full_name":"unbroken-dome/aws-codeartifact-maven-proxy","owner":"unbroken-dome","description":"A local Maven proxy server for AWS CodeArtifact repositories handling authorization and endpoint lookup","archived":false,"fork":false,"pushed_at":"2021-12-09T05:16:55.000Z","size":111,"stargazers_count":6,"open_issues_count":3,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2023-08-17T13:22:51.842Z","etag":null,"topics":["codeartifact"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/unbroken-dome.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-06-30T15:06:32.000Z","updated_at":"2023-08-15T15:42:12.000Z","dependencies_parsed_at":"2022-09-06T23:31:05.802Z","dependency_job_id":null,"html_url":"https://github.com/unbroken-dome/aws-codeartifact-maven-proxy","commit_stats":null,"previous_names":[],"tags_count":3,"template":null,"template_full_name":null,"purl":"pkg:github/unbroken-dome/aws-codeartifact-maven-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unbroken-dome%2Faws-codeartifact-maven-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unbroken-dome%2Faws-codeartifact-maven-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unbroken-dome%2Faws-codeartifact-maven-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unbroken-dome%2Faws-codeartifact-maven-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/unbroken-dome","download_url":"https://codeload.github.com/unbroken-dome/aws-codeartifact-maven-proxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unbroken-dome%2Faws-codeartifact-maven-proxy/sbom","scorecard":{"id":908912,"data":{"date":"2025-08-11","repo":{"name":"github.com/unbroken-dome/aws-codeartifact-maven-proxy","commit":"f9a98443fde573ba6feceb5d776060739320f375"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.6,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Code-Review","score":0,"reason":"Found 0/7 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.1.0 not signed: https://api.github.com/repos/unbroken-dome/aws-codeartifact-maven-proxy/releases/45569805","Warn: release artifact v0.1.0 does not have provenance: https://api.github.com/repos/unbroken-dome/aws-codeartifact-maven-proxy/releases/45569805"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-24T18:24:26.003Z","repository_id":45545300,"created_at":"2025-08-24T18:24:26.003Z","updated_at":"2025-08-24T18:24:26.003Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408800,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["codeartifact"],"created_at":"2026-01-14T03:04:10.427Z","updated_at":"2026-01-14T03:04:11.095Z","avatar_url":"https://github.com/unbroken-dome.png","language":"Kotlin","readme":":groupId: org.unbroken-dome.aws-codeartifact-maven-proxy\n:artifactId: aws-codeartifact-maven-proxy\n:version: 0.3.0\n\nifdef::env-github[]\n:tip-caption: :bulb:\n:note-caption: :information_source:\n:important-caption: :heavy_exclamation_mark:\n:caution-caption: :fire:\n:warning-caption: :warning:\n\n:toc-placement!:\nendif::[]\n\n= AWS CodeArtifact Maven Proxy\n\nimage:https://img.shields.io/maven-central/v/{groupId}/{artifactId}[link=https://search.maven.org/artifact/{groupId}/{artifactId}/{version}/jar]\n\nThis project contains a lightweight, embeddable proxy server for AWS CodeArtifact Maven repositories. It\nautomatically handles endpoint lookups and CodeArtifact authorization tokens.\n\n== Background\n\nAWS CodeArtifact is a great, cost-efficient service for hosting private Maven repositories. However, its\nauthentication mechanism with its temporary tokens, while certainly adding a degree of security, is often\ncumbersome to work with:\n\n* Developers running a build from their local machine will have to install the AWS CLI and execute some\n  commands to look up endpoints and retrieve authorization tokens.\n\n* Access to the repositories is only actually needed for the initial build execution and when dependencies\n  have changed. For the majority of builds, the required artifacts can be served from a local cache, making\n  it unnecessary to even obtain an authorization token.\n\n== How It Works\n\nThe proxy server is intended for _local_ use only. It acts as a virtual Maven repository server by forwarding\nURL paths that conform to the pattern\n\n----\n/\u003cdomain\u003e/\u003cdomain-owner\u003e/\u003crepo\u003e/\u003cgroup\u003e/\u003cartifact\u003e/...\n----\n\nto the appropriate AWS CodeArtifact repository endpoint for `domain`, `domain-owner` and `repo`.\n\nTIP: The special value `default` can be used for the `\u003cdomain-owner\u003e` to use the default AWS account ID based on the\nproxy server's AWS credentials.\n\n\n.Fowarding example\n====\n\nFor example, assuming that the account `123456789012` has a CodeArtifact domain `my-domain` containing a repository\n`my-repo` in the region `eu-west-1`, the proxy server forwards the request\n\n----\nGET /my-domain/123456789012/my-repo/com/example/my-package/1.2.3/my-package-1.2.3.jar\n----\n\nto\n\n----\nhttps://my-domain-123456789012.d.codeartifact.eu-west-1.amazonaws.com/maven/my-repo/com/example/my-package/1.2.3/my-package-1.2.3.jar\n----\n\nThe forwarded request will also contain an appropriate `Authorization` header containing\n\n(The actual hostname is retrieved using the\n[https://docs.aws.amazon.com/codeartifact/latest/APIReference/API_GetRepositoryEndpoint.html] API.)\n\n====\n\nIt uses the standard AWS SDK authentication strategies (e.g., `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`\nenvironment variables). The AWS APIs are only called on demand.\n\nAuthorization tokens are cached for the duration indicated by the AWS CodeArtifact API (maximum 12 hours). After\nthat, the proxy server will automatically request a new token. To the user of the proxy server, this is completely\ntransparent.\n\nCaching is in-memory only, so cached tokens are lost when the proxy server is shut down or restarted. There is no\ndisk cache, both for security reasons and because the proxy's own AWS credentials might change between runs, making\nvalidation of cache entries about as expensive as just requesting new tokens.\n\n\n== Usage\n\n=== As Embedded Server (JVM)\n\n==== Prerequisites\n\n- JDK 1.8+\n- Kotlin: The server library is written in Kotlin and compiled against the Kotlin stdlib 1.5.20. If your\n  code uses a different version of Kotlin, there might be some compatibility issues.\n\n==== Steps\n\n- Include the artifact on your classpath:\n+\n.Maven (pom.xml)\n[source,xml,subs=\"+attributes\"]\n----\n\u003cdependency\u003e\n  \u003cgroupId\u003eorg.unbroken-dome.aws-codeartifact-maven-proxy\u003c/groupId\u003e\n  \u003cartifactId\u003eaws-codeartifact-maven-proxy\u003c/artifactId\u003e\n  \u003cversion\u003e{version}\u003c/version\u003e\n\u003c/dependency\u003e\n----\n+\n.Gradle (build.gradle / build.gradle.kts)\n[source,kotlin,subs=\"+attributes\"]\n----\ndependencies {\n    implementation(\"org.unbroken-dome.aws-codeartifact-maven-proxy:aws-codeartifact-maven-proxy:{version}\")\n}\n----\n+\nThe artifact is available on Maven Central.\n\n- Create an instance of `Options`\n\n- Call `CodeArtifactMavenProxyServer.start(options)`, which returns a `CompletableFuture` to the server\n  object allowing to `stop` it later. Synchronous/blocking variants `startSync` and `stopSync` are available as well.\n\n- The port can be configured in the `Options`, or set to `0` (default) to assign a random port. In the latter case,\n  the actual port on which the server is listening can be queried using the `actualPort` property.\n\n\n=== Using the CLI\n\n- Download the latest `aws-codeartifact-maven-proxy-cli` archive from the releases page and extract it\n\n- Run `./aws-codeartifact-maven-proxy` to start the server. Ctrl+C to stop.\n\nIf started without any arguments, the server will start listening on a random port, which can be retrieved from the\nlogs.\n\nThe following command-line arguments are available:\n\n\n|===\n| Option | Description\n\n| `--bind \u003caddress\u003e`\n\n  `-b \u003caddress\u003e`\n| Bind to the given address instead of `localhost` / `127.0.0.1`.\n\n| `--port \u003cport\u003e`\n\n  `-p \u003cport\u003e`\n| Local port to listen on. Set to `0` to choose a random port.\n\n| `--debug`\n| Show DEBUG-level logs.\n\n| `--aws-debug`\n| Show DEBUG-level logs for the AWS SDK.\n\n| `--token-ttl \u003cduration\u003e`\n\n  `-t \u003cduration\u003e`\n| TTL to request for authorization tokens from AWS CodeArtifact. This can be specified as a number of seconds\n(e.g. `300`) or as a duration string like `1h30m`.\n\nA value of `0` (zero) will set the expiration of the authorization token to the same\nexpiration of the user's role's temporary credentials.\n\nIf not set, uses the defaults of the service (currently 12 hours).\n\n| `--endpoint-ttl \u003cduration\u003e`\n| TTL for caching AWS CodeArtifact repository endpoints. By default, these will be cached\n  indefinitely (until the server is stopped).\n\n| `--eager-init`\n| If this flag is used, certain setup tasks (like initializing the AWS clients) are done when\n  the server starts. By default, all initialization is done lazily when it is actually needed,\n  i.e. on the first request.\n\n| `--wiretap [ all \\| targets ]`\n| Specify a list of targets to enable \"wiretap\" logging on TRACE level. Valid targets are\n  `raw`, `http` and `ssl`.\n\nMultiple targets can be specified as a comma-separated list, e.g.\n  `--wiretap raw,http`.\n\nThe value `all` (or just `--wiretap`) will enable wiretap logging\nfor all targets.\n\n|===\n\n\n\n=== Using a Docker image\n\nCurrently, the Docker image is not published to a public registry, but you can easily create it on your local Docker\nhost with:\n\n----\n./gradlew :cli:jibDockerBuild\n----\n\nThe environment variables or files for the desired AWS authentication strategy must be passed to the Docker image,\nand the port should be forwarded to the host. (Remember to bind to 127.0.0.1 on the host, otherwise the server will\nbe public in your network!)\n\n----\nexport AWS_ACCESS_KEY_ID=...\nexport AWS_SECRET_ACCESS_KEY=...\nexport AWS_REGION=...\n\ndocker run -d --name aws-codeartifact-maven-proxy \\\n  -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_REGION \\\n  -p 127.0.0.1:8080:8080 \\\n  unbroken-dome:aws-codeartifact-maven-proxy:\u003cversion\u003e -b 0.0.0.0 -p 8080\n----\n\nOther CLI arguments can be used as described above.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funbroken-dome%2Faws-codeartifact-maven-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funbroken-dome%2Faws-codeartifact-maven-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funbroken-dome%2Faws-codeartifact-maven-proxy/lists"}